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DETAILED ACTION 

1. This action is responsive to communications: application, filed 7/24/2003; 
amendment filed 1/31/2007. 

2. Claims 1-32 are pending in the case. 

Response to Arguments 

3. Applicant's argument with respect to rejection under Section 1 12 is found 
persuasive, and the rejection is withdrawn. 

4. Rejection under section 101 relative to claims 1-32 is withdrawn due to 
amendments by the applicant. 

5. With respect to rejection of claim 1 under Section 102, applicant argues: 
"Honarvar et al. do not disclose or suggest that a correlation between the user and the previously 
answered questions do not violate one or more predefined correlation rules." However, parag. 
21 of Honarvar teaches assigning points to group of questions based on the predictive 
power of questions. The groups are created based on information about the user, which 
clearly shows a correlation between the questions and the user. The point assignment 
is used to measure the overall assessment of user authentication process. Therefore, 
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the authentication process assessment is based on the points, which is based on the 
correlation between the questions and the user. Therefore Honarvar clearly teaches 
assessment of authentication based on correlation rules between the user and the 
questions. 

Applicant further argues: "In fact, the examples provided by Honarvar et al, would fail the 
qualitative correlation criteria of the present invention because it is easy to associate the user 
with his/her questions just from a database lookup or web search. Thus, Honarvar et al. clearly 
do not disclose or suggest ensuring that a correlation between the user and the previously 
answered questions does not violate one or more predefined correlation rules," as required by 
each independent claim." However, applicant does not specify which example of Honarvar 
fails the qualitative correlation criteria, or why such failure leads to the conclusion that 
Honarvar fails to disclose the claimed limitation. 

Applicant further argues that their invention allows definition of correlation rules to 
ensue that a given answer is not correlated with the user. However, such limitation is 
not found in claims at hand, as the claims merely require that a correlation rule is not 
violated. 

Based on the above discussion, applicant argument regarding allowability of claim 1 is 
non persuasive. Accordingly the argument relative to claim 22 and the dependent 
claims is also not persuasive. 
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Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-32 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Honarvar et al. (US Patent Application Publication No. 2003/0154406, filed 8/21/2002) 

7.1. As per claim 1, Honarvar is directed to a method for authenticating a user 
(abstract), comprising: obtaining an asserted identity of said user (parag. [105]); 
obtaining a random subset of questions that said user has previously answered (parag. 
[15] and Fig. 17, item 1730 and associated text indicates how Honarvar teaches using a 
random subset of questions for authentication validation), wherein a correlation between 
said user and said previously answered questions does not violate one or more 
predefined correlation rules (parag 21 teaches choosing questions based parameters 
specific to the user, and therefore shows questions are selected based on how they 
correlate to the user); and presenting one or more questions to said user from said 
random subset of questions (Fig. 30 and associated text (parag. [217]))until a 
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predefined security threshold is satisfied (per parag. [21], points are assigned to each 
group of questions, which is used to determine the threshold), wherein said user is 
authenticated when said predefined security threshold is satisfied (parag. 17 or Fig. 7 
and associated text). 

7.2. As per claim 2, Honarvar is directed to the method of claim 1, wherein said 
predefined security threshold is based on a sum of security weights of correctly 
answered questions (parag. [21]). 

7.3. As per claim 3, Honarvar is directed to the method of claim 1 , wherein one or 
more of said questions are directed to an opinion of said user (for example parag 27, 
where the question for the user is to identify the best known food). 

7.4. As per claim 4, Honarvar is directed to the method of claim 1 , wherein one or 
more of said questions are directed to a trivial fact (parag. 24, where the questions are 
trivial to the user). 

7.5. As per claim 5, Honarvar is directed to the method of claim 1 , wherein one or 
more of said questions are directed to an indirect fact (parag 25, where the questions 
include options in the user's first car or private and public information). 



Application/Control Number: 10/626,483 Page 6 

Art Unit: 2132 

7.6. As per claim 6, Honarvar is directed to the method of claim 1 , further comprising 
the step of presenting said user with a larger pool of potential questions for selection of 
one or more questions to answer (Fig. 12, items 1205 and 1210 and their associated 
text). 

7.7. As per claim 7, Honarvar is directed to the method of claim 6, further comprising 
the step of ensuring that said questions selected by said user meet predefined criteria 
for topic distribution (parag 21. Also see Fig. 12 item 1225 and associated text, where 
the group of questions are selected and weighted). 

7.8. As per claim 8, Honarvar is directed to the method of claim 6, wherein said larger 
pool of potential questions are selected to be attack resistant (per parag 41, user 
authentication involves detecting fraud, which makes it attack resistant). 

7.9. As per claim 9 and 10, Honarvar is directed to the method of claim 1, wherein 
said one or more predefined correlation rules ensure that answers to user selected 
questions cannot be qualitatively/quantitatively correlated with said user (parag. 20 
teaches using context sensitive questions, which eliminates qualitative or quantitative 
correlation with the user). 

7. 1 0. As per claim 1 1 , Honarvar is directed to the method of claim 1 , further comprising 
the step of requiring said user to have a second factor (parag. 104, where the 
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authentication is based on a combination of three factors of what user know, what user 
has, and what user is). 

7.11. As per claim 12, Honarvar is directed to the method of claim 11, wherein said 
second factor is a required possession of a given device (parag 105). 

7.12. As per claim 13, Honarvar is directed to the method of claim 11, wherein said 
second factor is a required personal identification number (parag 105). 

7.13. As per claim 14, Honarvar is directed to the method of claim 11, wherein said 
second factor is a computer file, wallet card, or piece of paper on which is written the 
user's selected questions and corresponding question indices (paragraph 238 indicates 
that the user is requested to check the answer to questions, such as the credit card 
number, by verifying the document at user's position). 

7.14. Claim 15 is identical to claim 14. 

7.15. As per claim 16, Honarvar is directed to the method of claim 1, wherein said 
questions from said random subset of questions are presented to said user in a random 
order (Fig. 17, item 1730 allows random presentation of questions to the user). 
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7.16. As per claim 17, Honarvar is directed to the method of claim 1, wherein said 
questions are presented to said user in the form of an index identifying each question 
(Fig. 35, item 3520 indicates the attributes of the question and answers, including a 
question ID). 

7.17. As per claim 18, Honarvar is directed to the method of claim 1 , wherein answers 
to said questions are received from said user in the form of an index identifying each 
answer (user answers are counted in the scoring process to determine authentication 
as described in paragraphs 235-240. The system assigns the score based on user's 
answer. Therefore, the system must use an indexing criteria to identify each answer in 
order to determine the points assigned to each answer). 

7.18. As per claim 19, Honarvar is directed to the method of claim 16, wherein said 
index identifying each answer can be aggregated to form a password (see response to 
claim 18, and note that the aggregation of user answers determines whether the 
authentication scoring requirements are met or not. Therefore Honarvar teaches how an 
aggregate of answer indices can be used to determine passing or failing). 

7.19. As per claim 20, Honarvar is directed to the method of claim 16, wherein a 
portion of each answer can be aggregated to form a password (see response to claim 
19, and note that the index to an answer could be a portion of the answer). 
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7.20. As per claim 21 , Honarvar is directed to the method of claim 1 , further comprising 
the step of storing an indication of said subset of questions on a device (the set of 
subset of questions is stored on the authentication engine, which is a device). 

7.21 . Limitations of claims 22-32 are substantially the same as claims 1-21 above. 

Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Farid Homayounmehr 
4/6/2007 
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